diff --git a/configure.ac b/configure.ac index 47ca1109..b5d3543d 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.68]) -AC_INIT([qatengine], [0.6.10], []) +AC_INIT([qatengine], [0.6.11], []) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_AUX_DIR([.]) @@ -576,15 +576,18 @@ fi if test "x$enable_qat_sw_sm2" != "xno" -a "x$cflags_qat_sw" != "x" then enable_qat_sw_sm2="-DENABLE_QAT_SW_SM2" - AC_MSG_NOTICE([Accelerating SM3 to Software (Multi-buffer)]) + AC_MSG_NOTICE([Accelerating SM2 to Software (Multi-buffer)]) +else + enable_qat_sw_sm2="" + AC_MSG_NOTICE([Not Accelerating SM2 to Software]) fi -if test "x$enable_qat_sw_sm3" != "xno" -a "x$cflags_qat_sw" != "x" +if test "x$enable_qat_sw_sm3" = "xyes" -a "x$cflags_qat_sw" != "x" then enable_qat_sw_sm3="-DENABLE_QAT_SW_SM3" - AC_MSG_NOTICE([Accelerating SM3 to Software]) + AC_MSG_NOTICE([Accelerating SM3 to Software (experimental)]) else - enable_qat_sw_sm3="-DDISABLE_QAT_SW_SM3" + enable_qat_sw_sm3="" AC_MSG_NOTICE([Not Accelerating SM3 to Software]) fi diff --git a/docs/config_options.md b/docs/config_options.md index b22c6338..96cfd71c 100644 --- a/docs/config_options.md +++ b/docs/config_options.md @@ -166,10 +166,20 @@ The following is a list of the options that can be used with the '--enable-qat_sw' (enabled by default if qat_sw is enabled). --disable-qat_sw_ecdh/--enable-qat_sw_ecdh - Disable/Enable Intel(R) QAT Software ECDH P-256/P-384 acceleration. + Disable/Enable Intel(R) QAT Software ECDH P-256/P-384/SM2 acceleration. This flag is valid only when QAT SW acceleration is enabled using the flag '--enable-qat_sw' (enabled by default if qat_sw is enabled). +--disable-qat_sw_sm2/--enable-qat_sw_sm2 + Disable/Enable Intel(R) QAT Software ECDSA SM2 acceleration. + This flag is valid only when QAT SW acceleration is enabled using the flag + '--enable-qat_sw' (enabled by default if qat_sw is enabled). + +--disable-qat_sw_sm3/--enable-qat_sw_sm3 + Disable/Enable Intel(R) QAT Software SM3 acceleration. + This flag is valid only when QAT SW acceleration is enabled using the flag + '--enable-qat_sw' (disabled by default). + --disable-qat_small_pkt_offload/--enable-qat_small_pkt_offload Enable the acceleration of small packet cipher operations to Intel(R) QAT Hardware. When disabled, these operations are performed using the CPU diff --git a/docs/features.md b/docs/features.md index e65253cb..6196df1f 100644 --- a/docs/features.md +++ b/docs/features.md @@ -30,8 +30,11 @@ * ECDH Support for the following curves: * Montgomery EC Curve: X25519 * NIST Prime Curves: P-256/P-384 + * SM2 * ECDSA Support for the following curves: * NIST Prime Curves: P-256/P-384 + * SM2 + * SM3 Hash Support using 16 Multibuffer requests (Experimental). * AES128-GCM, AES192-GCM and AES256-GCM [QAT_HW & QAT_SW Co-existence Feature](qat_hw.md#qat-hw-and-qat-sw-co-existence-feature) diff --git a/docs/limitations.md b/docs/limitations.md index dc0235f5..8944d13a 100644 --- a/docs/limitations.md +++ b/docs/limitations.md @@ -31,3 +31,8 @@ sshd looks to be closing the file descriptors associated with QAT engine and driver after initialising openssl. Work around in sshd which comments out the closefrom() calls is needed to unblock the issue. +* SM2 ECDH and ECDSA application testing is done using BabaSSL only since OpenSSL + doesn't support SMx cipher suites. +* SM3 is disabled by default due to known issue from cryto_mb. When SM3 enabled, + Performance drop observed in mulithread scenario for all ciphers suites + due to the locks at engine_table_select in OpenSSL. diff --git a/docs/software_requirements.md b/docs/software_requirements.md index 702f37c2..bd622841 100644 --- a/docs/software_requirements.md +++ b/docs/software_requirements.md @@ -8,9 +8,9 @@ Driver for FreeBSD. This release was validated on the following: * Operating system: CentOS\* 7.4 64-bit version & FreeBSD\* 11.4 64-bit version * Kernel: GNU\*/Linux\* 3.10.0-693 -* Intel® Communications Chipset C62X Series Software for Linux\*, version **4.15** +* Intel® Communications Chipset C62X Series Software for Linux\*, version **4.16** * Intel® Communications Chipset C62X Series Software for FreeBSD\*, version **3.11** -* OpenSSL\* 1.1.1l & 3.0 +* OpenSSL\* 1.1.1m & 3.0.1 ## qat_sw Requirements Successful operation of the Intel® QAT Software acceleration requires a @@ -31,7 +31,7 @@ This release was validated on the following: * Intel® Crypto Multi-buffer library from the [ipp-crypto][1] release version **IPP Crypto 2021.4** * Intel® Multi-Buffer crypto for IPsec Library release version **v1.0** -* OpenSSL\* 1.1.1l & 3.0 +* OpenSSL\* 1.1.1m & 3.0.1 [1]:https://github.com/intel/ipp-crypto [2]:https://github.com/intel/ipp-crypto/tree/develop/sources/ippcp/crypto_mb diff --git a/e_qat.c b/e_qat.c index e06f8f61..827e3024 100644 --- a/e_qat.c +++ b/e_qat.c @@ -154,13 +154,13 @@ const char *engine_qat_id = STR(QAT_ENGINE_ID); #if defined(QAT_HW) && defined(QAT_SW) const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.10"; + "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.11"; #elif QAT_HW const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_hw) v0.6.10"; + "Reference implementation of QAT crypto engine(qat_hw) v0.6.11"; #else const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_sw) v0.6.10"; + "Reference implementation of QAT crypto engine(qat_sw) v0.6.11"; #endif unsigned int engine_inited = 0; @@ -388,6 +388,8 @@ static int qat_engine_destroy(ENGINE *e) qat_hw_prf_offload = 0; qat_hw_hkdf_offload = 0; qat_sw_ecx_offload = 0; + qat_sw_sm2_offload = 0; + qat_sw_sm3_offload = 0; QAT_DEBUG_LOG_CLOSE(); ERR_unload_QAT_strings(); return 1; diff --git a/e_qat.txt b/e_qat.txt index 90eb99a0..81609c8d 100644 --- a/e_qat.txt +++ b/e_qat.txt @@ -358,22 +358,25 @@ QAT_R_SET_TAG_INVALID_OP:326:set tag invalid op QAT_R_SHA3_CTX_NULL:327:sha3 ctx null QAT_R_SIG_GET_R_S_FAILURE:328:sig get r s failure QAT_R_SIG_MALLOC_FAILURE:329:sig malloc failure -QAT_R_SSD_MALLOC_FAILURE:330:ssd malloc failure -QAT_R_SSD_NULL:331:ssd null -QAT_R_START_INSTANCE_FAILURE:332:start instance failure -QAT_R_STOP_INSTANCE_FAILURE:333:stop instance failure -QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL:334:sw get compute key pfunc null -QAT_R_SW_GET_KEYGEN_PFUNC_NULL:335:sw get keygen pfunc null -QAT_R_SW_GET_SIGN_PFUNC_NULL:336:sw get sign pfunc null -QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL:337:sw get sign setup pfunc null -QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL:338:sw get sign sig pfunc null -QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL:339:sw get verify sig pfunc null -QAT_R_SW_METHOD_NULL:340:sw method null -QAT_R_S_NULL:341:s null -QAT_R_S_Q_COMPARE_FAILURE:342:s q compare failure -QAT_R_UNKNOWN_PADDING:343:unknown padding -QAT_R_UNKNOWN_PADDING_TYPE:344:unknown padding type -QAT_R_WAKE_PAUSE_JOB_FAILURE:345:wake pause job failure -QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE:346:x y tx ty bn malloc failure -QAT_R_X_Y_Z_MALLOC_FAILURE:347:x y z malloc failure -QAT_R_Z_ALLOCATE_FAILURE:348:z allocate failure +QAT_R_SM3_FINAL_FAILURE:330:sm3 final failure +QAT_R_SM3_INIT_FAILURE:331:sm3 init failure +QAT_R_SM3_UPDATE_FAILURE:332:sm3 update failure +QAT_R_SSD_MALLOC_FAILURE:333:ssd malloc failure +QAT_R_SSD_NULL:334:ssd null +QAT_R_START_INSTANCE_FAILURE:335:start instance failure +QAT_R_STOP_INSTANCE_FAILURE:336:stop instance failure +QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL:337:sw get compute key pfunc null +QAT_R_SW_GET_KEYGEN_PFUNC_NULL:338:sw get keygen pfunc null +QAT_R_SW_GET_SIGN_PFUNC_NULL:339:sw get sign pfunc null +QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL:340:sw get sign setup pfunc null +QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL:341:sw get sign sig pfunc null +QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL:342:sw get verify sig pfunc null +QAT_R_SW_METHOD_NULL:343:sw method null +QAT_R_S_NULL:344:s null +QAT_R_S_Q_COMPARE_FAILURE:345:s q compare failure +QAT_R_UNKNOWN_PADDING:346:unknown padding +QAT_R_UNKNOWN_PADDING_TYPE:347:unknown padding type +QAT_R_WAKE_PAUSE_JOB_FAILURE:348:wake pause job failure +QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE:349:x y tx ty bn malloc failure +QAT_R_X_Y_Z_MALLOC_FAILURE:350:x y z malloc failure +QAT_R_Z_ALLOCATE_FAILURE:351:z allocate failure diff --git a/e_qat_err.c b/e_qat_err.c index 9a701c48..0fc65126 100644 --- a/e_qat_err.c +++ b/e_qat_err.c @@ -475,6 +475,9 @@ static ERR_STRING_DATA QAT_str_reasons[] = { {ERR_PACK(0, 0, QAT_R_SHA3_CTX_NULL), "sha3 ctx null"}, {ERR_PACK(0, 0, QAT_R_SIG_GET_R_S_FAILURE), "sig get r s failure"}, {ERR_PACK(0, 0, QAT_R_SIG_MALLOC_FAILURE), "sig malloc failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_FINAL_FAILURE), "sm3 final failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_INIT_FAILURE), "sm3 init failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_UPDATE_FAILURE), "sm3 update failure"}, {ERR_PACK(0, 0, QAT_R_SSD_MALLOC_FAILURE), "ssd malloc failure"}, {ERR_PACK(0, 0, QAT_R_SSD_NULL), "ssd null"}, {ERR_PACK(0, 0, QAT_R_START_INSTANCE_FAILURE), "start instance failure"}, diff --git a/e_qat_err.h b/e_qat_err.h index fc845e72..c8222e74 100644 --- a/e_qat_err.h +++ b/e_qat_err.h @@ -373,24 +373,27 @@ void ERR_QAT_error(int function, int reason, char *file, int line); # define QAT_R_SHA3_CTX_NULL 327 # define QAT_R_SIG_GET_R_S_FAILURE 328 # define QAT_R_SIG_MALLOC_FAILURE 329 -# define QAT_R_SSD_MALLOC_FAILURE 330 -# define QAT_R_SSD_NULL 331 -# define QAT_R_START_INSTANCE_FAILURE 332 -# define QAT_R_STOP_INSTANCE_FAILURE 333 -# define QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL 334 -# define QAT_R_SW_GET_KEYGEN_PFUNC_NULL 335 -# define QAT_R_SW_GET_SIGN_PFUNC_NULL 336 -# define QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL 337 -# define QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL 338 -# define QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL 339 -# define QAT_R_SW_METHOD_NULL 340 -# define QAT_R_S_NULL 341 -# define QAT_R_S_Q_COMPARE_FAILURE 342 -# define QAT_R_UNKNOWN_PADDING 343 -# define QAT_R_UNKNOWN_PADDING_TYPE 344 -# define QAT_R_WAKE_PAUSE_JOB_FAILURE 345 -# define QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE 346 -# define QAT_R_X_Y_Z_MALLOC_FAILURE 347 -# define QAT_R_Z_ALLOCATE_FAILURE 348 +# define QAT_R_SM3_FINAL_FAILURE 330 +# define QAT_R_SM3_INIT_FAILURE 331 +# define QAT_R_SM3_UPDATE_FAILURE 332 +# define QAT_R_SSD_MALLOC_FAILURE 333 +# define QAT_R_SSD_NULL 334 +# define QAT_R_START_INSTANCE_FAILURE 335 +# define QAT_R_STOP_INSTANCE_FAILURE 336 +# define QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL 337 +# define QAT_R_SW_GET_KEYGEN_PFUNC_NULL 338 +# define QAT_R_SW_GET_SIGN_PFUNC_NULL 339 +# define QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL 340 +# define QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL 341 +# define QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL 342 +# define QAT_R_SW_METHOD_NULL 343 +# define QAT_R_S_NULL 344 +# define QAT_R_S_Q_COMPARE_FAILURE 345 +# define QAT_R_UNKNOWN_PADDING 346 +# define QAT_R_UNKNOWN_PADDING_TYPE 347 +# define QAT_R_WAKE_PAUSE_JOB_FAILURE 348 +# define QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE 349 +# define QAT_R_X_Y_Z_MALLOC_FAILURE 350 +# define QAT_R_Z_ALLOCATE_FAILURE 351 #endif diff --git a/qat_evp.c b/qat_evp.c index 7ee16f6e..2b9c0cac 100644 --- a/qat_evp.c +++ b/qat_evp.c @@ -208,17 +208,20 @@ static int pkt_threshold_table_size = static EC_KEY_METHOD *qat_ec_method = NULL; static EVP_PKEY_METHOD *_hidden_x25519_pmeth = NULL; static EVP_PKEY_METHOD *_hidden_x448_pmeth = NULL; +static EVP_MD *qat_sw_sm3_meth = NULL; /* Have a store of the s/w EVP_PKEY_METHOD for software fallback purposes. */ const EVP_PKEY_METHOD *sw_x25519_pmeth = NULL; const EVP_PKEY_METHOD *sw_x448_pmeth = NULL; -EVP_MD *qat_sw_sm3_meth = NULL; const EVP_MD *qat_sw_create_sm3_meth(int nid , int key_type) { #ifdef ENABLE_QAT_SW_SM3 int res = 1; + if (qat_sw_sm3_meth) + return qat_sw_sm3_meth; + if ((qat_sw_sm3_meth = EVP_MD_meth_new(nid, key_type)) == NULL) { WARN("Failed to allocate digest methods for nid %d\n", nid); return NULL; @@ -227,13 +230,14 @@ const EVP_MD *qat_sw_create_sm3_meth(int nid , int key_type) /* For now check using MBX_ALGO_X25519 as algo info for sm3 is not implemented */ if (mbx_get_algo_info(MBX_ALGO_X25519)) { res &= EVP_MD_meth_set_result_size(qat_sw_sm3_meth, 32); - res &= EVP_MD_meth_set_input_blocksize(qat_sw_sm3_meth, 64); - res &= EVP_MD_meth_set_app_datasize(qat_sw_sm3_meth, sizeof(EVP_MD*) + 580); - res &= EVP_MD_meth_set_flags(qat_sw_sm3_meth, (EVP_MD_CTX_FLAG_ONESHOT|EVP_MD_CTX_FLAG_NO_INIT)); + res &= EVP_MD_meth_set_input_blocksize(qat_sw_sm3_meth, SM3_MSG_BLOCK_SIZE); + res &= EVP_MD_meth_set_app_datasize(qat_sw_sm3_meth, sizeof(EVP_MD *) + sizeof(SM3_CTX_mb)); + res &= EVP_MD_meth_set_flags(qat_sw_sm3_meth, EVP_MD_CTX_FLAG_REUSE); res &= EVP_MD_meth_set_init(qat_sw_sm3_meth, qat_sw_sm3_init); res &= EVP_MD_meth_set_update(qat_sw_sm3_meth, qat_sw_sm3_update); res &= EVP_MD_meth_set_final(qat_sw_sm3_meth, qat_sw_sm3_final); qat_sw_sm3_offload = 1; + DEBUG("QAT SW SM3 Registration succeeded\n"); } if (0 == res) { @@ -242,11 +246,12 @@ const EVP_MD *qat_sw_create_sm3_meth(int nid , int key_type) qat_sw_sm3_meth = NULL; } - DEBUG("QAT SW SM3 Registration succeeded\n"); #endif - if (!qat_sw_sm3_offload) - return EVP_sm3(); + if (!qat_sw_sm3_offload) { + qat_sw_sm3_meth = (EVP_MD *)EVP_sm3(); + DEBUG("OpenSSL SW SM3\n"); + } return qat_sw_sm3_meth; } @@ -264,22 +269,23 @@ static const EVP_MD *qat_create_digest_meth(int nid , int pkeytype) { switch (nid) { #ifdef ENABLE_QAT_HW_SHA3 - case NID_sha3_224: - case NID_sha3_256: - case NID_sha3_384: - case NID_sha3_512: - if (qat_hw_offload) - return qat_create_sha3_meth(nid , pkeytype); + case NID_sha3_224: + case NID_sha3_256: + case NID_sha3_384: + case NID_sha3_512: + if (qat_hw_offload) + return qat_create_sha3_meth(nid , pkeytype); #endif #ifdef ENABLE_QAT_SW_SM3 - case NID_sm3: - return qat_sw_create_sm3_meth(nid , pkeytype); + case NID_sm3: + return qat_sw_create_sm3_meth(nid , pkeytype); #endif - default: - WARN("Invalid nid %d\n", nid); - return NULL; + default: + WARN("Invalid nid %d\n", nid); + return NULL; } } + /****************************************************************************** * function: * qat_digest_methods(ENGINE *e, diff --git a/qat_hw_rsa.c b/qat_hw_rsa.c index 69de60af..1ece3338 100644 --- a/qat_hw_rsa.c +++ b/qat_hw_rsa.c @@ -274,6 +274,16 @@ static int qat_rsa_decrypt(CpaCyRsaDecryptOpData * dec_op_data, int rsa_len, * will begin to poll the instance. */ QAT_INC_IN_FLIGHT_REQS(num_requests_in_flight, tlv); + if (qat_use_signals()) { + if (tlv->localOpsInFlight == 1) { + if (qat_kill_thread(qat_timer_poll_func_thread, SIGUSR1) != 0) { + WARN("qat_kill_thread error\n"); + QATerr(QAT_F_QAT_RSA_DECRYPT, ERR_R_INTERNAL_ERROR); + QAT_DEC_IN_FLIGHT_REQS(num_requests_in_flight, tlv); + return 0; + } + } + } qat_cleanup_op_done(&op_done); sync_mode_ret = qat_rsa_decrypt_CRT(dec_op_data, rsa_len, output_buf, fallback); QAT_DEC_IN_FLIGHT_REQS(num_requests_in_flight, tlv); diff --git a/qat_prov.txt b/qat_prov.txt index 11bd34ce..e8c8a115 100644 --- a/qat_prov.txt +++ b/qat_prov.txt @@ -246,22 +246,25 @@ QAT_R_SET_TAG_INVALID_OP:326:set tag invalid op QAT_R_SHA3_CTX_NULL:327:sha3 ctx null QAT_R_SIG_GET_R_S_FAILURE:328:sig get r s failure QAT_R_SIG_MALLOC_FAILURE:329:sig malloc failure -QAT_R_SSD_MALLOC_FAILURE:330:ssd malloc failure -QAT_R_SSD_NULL:331:ssd null -QAT_R_START_INSTANCE_FAILURE:332:start instance failure -QAT_R_STOP_INSTANCE_FAILURE:333:stop instance failure -QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL:334:sw get compute key pfunc null -QAT_R_SW_GET_KEYGEN_PFUNC_NULL:335:sw get keygen pfunc null -QAT_R_SW_GET_SIGN_PFUNC_NULL:336:sw get sign pfunc null -QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL:337:sw get sign setup pfunc null -QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL:338:sw get sign sig pfunc null -QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL:339:sw get verify sig pfunc null -QAT_R_SW_METHOD_NULL:340:sw method null -QAT_R_S_NULL:341:s null -QAT_R_S_Q_COMPARE_FAILURE:342:s q compare failure -QAT_R_UNKNOWN_PADDING:343:unknown padding -QAT_R_UNKNOWN_PADDING_TYPE:344:unknown padding type -QAT_R_WAKE_PAUSE_JOB_FAILURE:345:wake pause job failure -QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE:346:x y tx ty bn malloc failure -QAT_R_X_Y_Z_MALLOC_FAILURE:347:x y z malloc failure -QAT_R_Z_ALLOCATE_FAILURE:348:z allocate failure +QAT_R_SM3_FINAL_FAILURE:330:sm3 final failure +QAT_R_SM3_INIT_FAILURE:331:sm3 init failure +QAT_R_SM3_UPDATE_FAILURE:332:sm3 update failure +QAT_R_SSD_MALLOC_FAILURE:333:ssd malloc failure +QAT_R_SSD_NULL:334:ssd null +QAT_R_START_INSTANCE_FAILURE:335:start instance failure +QAT_R_STOP_INSTANCE_FAILURE:336:stop instance failure +QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL:337:sw get compute key pfunc null +QAT_R_SW_GET_KEYGEN_PFUNC_NULL:338:sw get keygen pfunc null +QAT_R_SW_GET_SIGN_PFUNC_NULL:339:sw get sign pfunc null +QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL:340:sw get sign setup pfunc null +QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL:341:sw get sign sig pfunc null +QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL:342:sw get verify sig pfunc null +QAT_R_SW_METHOD_NULL:343:sw method null +QAT_R_S_NULL:344:s null +QAT_R_S_Q_COMPARE_FAILURE:345:s q compare failure +QAT_R_UNKNOWN_PADDING:346:unknown padding +QAT_R_UNKNOWN_PADDING_TYPE:347:unknown padding type +QAT_R_WAKE_PAUSE_JOB_FAILURE:348:wake pause job failure +QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE:349:x y tx ty bn malloc failure +QAT_R_X_Y_Z_MALLOC_FAILURE:350:x y z malloc failure +QAT_R_Z_ALLOCATE_FAILURE:351:z allocate failure diff --git a/qat_prov_err.c b/qat_prov_err.c index 8b68f683..a91e9c99 100644 --- a/qat_prov_err.c +++ b/qat_prov_err.c @@ -336,6 +336,9 @@ static ERR_STRING_DATA QAT_str_reasons[] = { {ERR_PACK(0, 0, QAT_R_SHA3_CTX_NULL), "sha3 ctx null"}, {ERR_PACK(0, 0, QAT_R_SIG_GET_R_S_FAILURE), "sig get r s failure"}, {ERR_PACK(0, 0, QAT_R_SIG_MALLOC_FAILURE), "sig malloc failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_FINAL_FAILURE), "sm3 final failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_INIT_FAILURE), "sm3 init failure"}, + {ERR_PACK(0, 0, QAT_R_SM3_UPDATE_FAILURE), "sm3 update failure"}, {ERR_PACK(0, 0, QAT_R_SSD_MALLOC_FAILURE), "ssd malloc failure"}, {ERR_PACK(0, 0, QAT_R_SSD_NULL), "ssd null"}, {ERR_PACK(0, 0, QAT_R_START_INSTANCE_FAILURE), "start instance failure"}, diff --git a/qat_prov_err.h b/qat_prov_err.h index f3c75db8..a72514e0 100644 --- a/qat_prov_err.h +++ b/qat_prov_err.h @@ -262,24 +262,27 @@ void ERR_QAT_error(int function, int reason, const char *file, int line); # define QAT_R_SHA3_CTX_NULL 327 # define QAT_R_SIG_GET_R_S_FAILURE 328 # define QAT_R_SIG_MALLOC_FAILURE 329 -# define QAT_R_SSD_MALLOC_FAILURE 330 -# define QAT_R_SSD_NULL 331 -# define QAT_R_START_INSTANCE_FAILURE 332 -# define QAT_R_STOP_INSTANCE_FAILURE 333 -# define QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL 334 -# define QAT_R_SW_GET_KEYGEN_PFUNC_NULL 335 -# define QAT_R_SW_GET_SIGN_PFUNC_NULL 336 -# define QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL 337 -# define QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL 338 -# define QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL 339 -# define QAT_R_SW_METHOD_NULL 340 -# define QAT_R_S_NULL 341 -# define QAT_R_S_Q_COMPARE_FAILURE 342 -# define QAT_R_UNKNOWN_PADDING 343 -# define QAT_R_UNKNOWN_PADDING_TYPE 344 -# define QAT_R_WAKE_PAUSE_JOB_FAILURE 345 -# define QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE 346 -# define QAT_R_X_Y_Z_MALLOC_FAILURE 347 -# define QAT_R_Z_ALLOCATE_FAILURE 348 +# define QAT_R_SM3_FINAL_FAILURE 330 +# define QAT_R_SM3_INIT_FAILURE 331 +# define QAT_R_SM3_UPDATE_FAILURE 332 +# define QAT_R_SSD_MALLOC_FAILURE 333 +# define QAT_R_SSD_NULL 334 +# define QAT_R_START_INSTANCE_FAILURE 335 +# define QAT_R_STOP_INSTANCE_FAILURE 336 +# define QAT_R_SW_GET_COMPUTE_KEY_PFUNC_NULL 337 +# define QAT_R_SW_GET_KEYGEN_PFUNC_NULL 338 +# define QAT_R_SW_GET_SIGN_PFUNC_NULL 339 +# define QAT_R_SW_GET_SIGN_SETUP_PFUNC_NULL 340 +# define QAT_R_SW_GET_SIGN_SIG_PFUNC_NULL 341 +# define QAT_R_SW_GET_VERIFY_SIG_PFUNC_NULL 342 +# define QAT_R_SW_METHOD_NULL 343 +# define QAT_R_S_NULL 344 +# define QAT_R_S_Q_COMPARE_FAILURE 345 +# define QAT_R_UNKNOWN_PADDING 346 +# define QAT_R_UNKNOWN_PADDING_TYPE 347 +# define QAT_R_WAKE_PAUSE_JOB_FAILURE 348 +# define QAT_R_X_Y_TX_TY_BN_MALLOC_FAILURE 349 +# define QAT_R_X_Y_Z_MALLOC_FAILURE 350 +# define QAT_R_Z_ALLOCATE_FAILURE 351 #endif diff --git a/qat_sw_ec.h b/qat_sw_ec.h index bc616df9..842d4943 100644 --- a/qat_sw_ec.h +++ b/qat_sw_ec.h @@ -53,8 +53,6 @@ # include # ifdef ENABLE_QAT_SW_SM2 -int multibuff_sm2_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid); EVP_PKEY_METHOD *mb_sm2_pmeth(void); void process_ecdsa_sm2_sign_reqs(mb_thread_data *tlv); void process_ecdsa_sm2_verify_reqs(mb_thread_data *tlv); diff --git a/qat_sw_polling.c b/qat_sw_polling.c index df3f6325..18bbe392 100644 --- a/qat_sw_polling.c +++ b/qat_sw_polling.c @@ -710,12 +710,13 @@ void *multibuff_timer_poll_func(void *thread_ptr) multibuff_update_req_timeout(&mb_sm2ecdh_compute_req_rates); # endif #endif + #ifdef ENABLE_QAT_SW_SM3 if (mb_queue_sm3_init_get_size(tlv->sm3_init_queue) > 0) { submission_count = MULTIBUFF_MAX_SUBMISSIONS; process_sm3_init_reqs(tlv); submission_count--; - while ((mb_queue_sm3_init_get_size(tlv->sm3_init_queue) >= MULTIBUFF_MIN_BATCH) && + while ((mb_queue_sm3_init_get_size(tlv->sm3_init_queue) >= MULTIBUFF_SM3_MIN_BATCH) && (submission_count > 0)) { process_sm3_init_reqs(tlv); submission_count--; @@ -728,7 +729,7 @@ void *multibuff_timer_poll_func(void *thread_ptr) submission_count = MULTIBUFF_MAX_SUBMISSIONS; process_sm3_update_reqs(tlv); submission_count--; - while ((mb_queue_sm3_update_get_size(tlv->sm3_update_queue) >= MULTIBUFF_MIN_BATCH) && + while ((mb_queue_sm3_update_get_size(tlv->sm3_update_queue) >= MULTIBUFF_SM3_MIN_BATCH) && (submission_count > 0)) { process_sm3_update_reqs(tlv); submission_count--; @@ -741,7 +742,7 @@ void *multibuff_timer_poll_func(void *thread_ptr) submission_count = MULTIBUFF_MAX_SUBMISSIONS; process_sm3_final_reqs(tlv); submission_count--; - while ((mb_queue_sm3_final_get_size(tlv->sm3_final_queue) >= MULTIBUFF_MIN_BATCH) && + while ((mb_queue_sm3_final_get_size(tlv->sm3_final_queue) >= MULTIBUFF_SM3_MIN_BATCH) && (submission_count > 0)) { process_sm3_final_reqs(tlv); submission_count--; @@ -1063,8 +1064,7 @@ void *multibuff_timer_poll_func(void *thread_ptr) if (mb_queue_sm3_init_get_size(tlv->sm3_init_queue) >= MULTIBUFF_SM3_MAX_BATCH) { submission_count = MULTIBUFF_MAX_SUBMISSIONS; do { - /* Deal with 8 SM3 Init requests */ - DEBUG("8 SM3 Init requests in flight, process them\n"); + DEBUG("16 SM3 Init requests in flight, process them\n"); process_sm3_init_reqs(tlv); submission_count--; } while ((mb_queue_sm3_init_get_size(tlv->sm3_init_queue) >= MULTIBUFF_SM3_MIN_BATCH) && @@ -1077,8 +1077,7 @@ void *multibuff_timer_poll_func(void *thread_ptr) if (mb_queue_sm3_update_get_size(tlv->sm3_update_queue) >= MULTIBUFF_SM3_MAX_BATCH) { submission_count = MULTIBUFF_MAX_SUBMISSIONS; do { - /* Deal with 8 SM3 Update requests */ - DEBUG("8 SM3 Update requests in flight, process them\n"); + DEBUG("16 SM3 Update requests in flight, process them\n"); process_sm3_update_reqs(tlv); submission_count--; } while ((mb_queue_sm3_update_get_size(tlv->sm3_update_queue) >= MULTIBUFF_SM3_MIN_BATCH) && @@ -1090,8 +1089,7 @@ void *multibuff_timer_poll_func(void *thread_ptr) if (mb_queue_sm3_final_get_size(tlv->sm3_final_queue) >= MULTIBUFF_SM3_MAX_BATCH) { submission_count = MULTIBUFF_MAX_SUBMISSIONS; do { - /* Deal with 8 SM3 Final keygen requests */ - DEBUG("8 SM3 Final requests in flight, process them\n"); + DEBUG("16 SM3 Final requests in flight, process them\n"); process_sm3_final_reqs(tlv); submission_count--; } while ((mb_queue_sm3_final_get_size(tlv->sm3_final_queue) >= MULTIBUFF_SM3_MIN_BATCH) && diff --git a/qat_sw_request.h b/qat_sw_request.h index 3c406c7f..8f94c80a 100644 --- a/qat_sw_request.h +++ b/qat_sw_request.h @@ -59,6 +59,15 @@ #define X25519_KEYLEN 32 #define MAX_KEYLEN 57 +# pragma pack(push, 1) +typedef struct _sm3_context{ + int msg_buff_idx; + unsigned long long msg_len; + unsigned char msg_buffer[SM3_MSG_BLOCK_SIZE]; + unsigned int msg_hash[SM3_SIZE_IN_WORDS]; +} SM3_CTX_mb; +# pragma pack(pop) + typedef struct { unsigned char pubkey[MAX_KEYLEN]; unsigned char *privkey; @@ -225,7 +234,7 @@ typedef struct _ecdh_compute_op_data { typedef struct _sm3_init_op_data { struct _sm3_init_op_data *next; struct _sm3_init_op_data *prev; - SM3_CTX_mb16 *state; + SM3_CTX_mb *state; ASYNC_JOB *job; int *sts; } sm3_init_op_data; @@ -233,8 +242,8 @@ typedef struct _sm3_init_op_data { typedef struct _sm3_update_op_data { struct _sm3_update_op_data *next; struct _sm3_update_op_data *prev; - SM3_CTX_mb16 *state; - int8u **sm3_data; + SM3_CTX_mb *state; + const unsigned char *sm3_data; int sm3_len; ASYNC_JOB *job; int *sts; @@ -243,8 +252,8 @@ typedef struct _sm3_update_op_data { typedef struct _sm3_final_op_data { struct _sm3_final_op_data *next; struct _sm3_final_op_data *prev; - SM3_CTX_mb16 *state; - int8u **sm3_hash; + SM3_CTX_mb *state; + unsigned char *sm3_hash; ASYNC_JOB *job; int *sts; } sm3_final_op_data; diff --git a/qat_sw_sm2.c b/qat_sw_sm2.c index f40caf98..a233841e 100644 --- a/qat_sw_sm2.c +++ b/qat_sw_sm2.c @@ -65,6 +65,7 @@ /* Crypto_mb includes */ #include "crypto_mb/ec_sm2.h" +#include "crypto_mb/cpu_features.h" /* The default user id as specified in GM/T 0009-2012 */ # define SM2_DEFAULT_USERID "1234567812345678" @@ -103,9 +104,14 @@ static int mb_ecdsa_sm2_verify(EVP_MD_CTX *ctx, EVP_PKEY_METHOD *mb_sm2_pmeth(void) { - if (_hidden_sm2_pmeth) + if (_hidden_sm2_pmeth && qat_sw_sm2_offload) return _hidden_sm2_pmeth; + /* EVP_PKEY_meth_copy doesnt copy digest_custom from SW method + * so directly returning sw method sperately here */ + if (sw_sm2_pmeth && !qat_sw_sm2_offload) + return (EVP_PKEY_METHOD *)sw_sm2_pmeth; + if ((_hidden_sm2_pmeth = EVP_PKEY_meth_new(EVP_PKEY_SM2, 0)) == NULL) { WARN("Failed to generate pmeth\n"); @@ -117,19 +123,22 @@ EVP_PKEY_METHOD *mb_sm2_pmeth(void) } #ifdef ENABLE_QAT_SW_SM2 - EVP_PKEY_meth_set_init(_hidden_sm2_pmeth, mb_sm2_init); - EVP_PKEY_meth_set_cleanup(_hidden_sm2_pmeth, mb_sm2_cleanup); - EVP_PKEY_meth_set_ctrl(_hidden_sm2_pmeth, mb_sm2_ctrl, NULL); - EVP_PKEY_meth_set_digest_custom(_hidden_sm2_pmeth, mb_digest_custom); - EVP_PKEY_meth_set_digestsign(_hidden_sm2_pmeth, mb_ecdsa_sm2_sign); - EVP_PKEY_meth_set_digestverify(_hidden_sm2_pmeth, mb_ecdsa_sm2_verify); - - qat_sw_sm2_offload = 1; - DEBUG("QAT SW SM2 registration succeeded\n"); + if (mbx_get_algo_info(MBX_ALGO_X25519)) { + EVP_PKEY_meth_set_init(_hidden_sm2_pmeth, mb_sm2_init); + EVP_PKEY_meth_set_cleanup(_hidden_sm2_pmeth, mb_sm2_cleanup); + EVP_PKEY_meth_set_ctrl(_hidden_sm2_pmeth, mb_sm2_ctrl, NULL); + EVP_PKEY_meth_set_digest_custom(_hidden_sm2_pmeth, mb_digest_custom); + EVP_PKEY_meth_set_digestsign(_hidden_sm2_pmeth, mb_ecdsa_sm2_sign); + EVP_PKEY_meth_set_digestverify(_hidden_sm2_pmeth, mb_ecdsa_sm2_verify); + qat_sw_sm2_offload = 1; + DEBUG("QAT SW SM2 registration succeeded\n"); + } #endif - if (!qat_sw_sm2_offload) - EVP_PKEY_meth_copy(_hidden_sm2_pmeth, sw_sm2_pmeth); + if (!qat_sw_sm2_offload) { + DEBUG("OpenSSL SW ECDSA SM2\n"); + return (EVP_PKEY_METHOD *)sw_sm2_pmeth; + } return _hidden_sm2_pmeth; } @@ -693,7 +702,7 @@ static int mb_ecdsa_sm2_sign(EVP_MD_CTX *mctx, qat_pause_job(job, ASYNC_STATUS_EAGAIN); } - DEBUG("QAT SW ECDSA Started %p\n", ecdsa_sm2_sign_req); + DEBUG("QAT SW ECDSA SM2 Sign Started %p\n", ecdsa_sm2_sign_req); START_RDTSC(&ecdsa_cycles_sign_setup); /* Buffer up the requests and call the new functions when we have enough @@ -902,8 +911,6 @@ static int mb_ecdsa_sm2_verify(EVP_MD_CTX *mctx, smctx->id_len = SM2_DEFAULT_USERID_LEN; } - /* Check if we are running asynchronously */ - /* Check if we are running asynchronously */ if ((job = ASYNC_get_current_job()) == NULL) { DEBUG("Running synchronously using sw method\n"); @@ -928,6 +935,7 @@ static int mb_ecdsa_sm2_verify(EVP_MD_CTX *mctx, qat_pause_job(job, ASYNC_STATUS_EAGAIN); } + DEBUG("QAT SW ECDSA SM2 Verify Started %p\n", ecdsa_sm2_verify_req); START_RDTSC(&ecdsa_cycles_verify_setup); /* Buffer up the requests and call the new functions when we have enough diff --git a/qat_sw_sm3.c b/qat_sw_sm3.c index 5b692768..cb00cc56 100644 --- a/qat_sw_sm3.c +++ b/qat_sw_sm3.c @@ -82,17 +82,16 @@ int sm3_nid[] = { void process_sm3_init_reqs(mb_thread_data *tlv) { sm3_init_op_data *sm3_init_req_array[MULTIBUFF_SM3_BATCH] = {0}; - SM3_CTX_mb16 *sm3_init_ctx = NULL; + SM3_CTX_mb16 sm3_init_ctx = {0}; unsigned int sm3_sts = 0; int local_request_no = 0; - int req_num = 0; + int req_num = 0, i = 0; START_RDTSC(&sm3_cycles_init_execute); /* Build Arrays of pointers for call */ while ((sm3_init_req_array[req_num] = mb_queue_sm3_init_dequeue(tlv->sm3_init_queue)) != NULL) { - sm3_init_ctx = sm3_init_req_array[req_num]->state; req_num++; if (req_num == MULTIBUFF_SM3_MIN_BATCH) break; @@ -100,13 +99,19 @@ void process_sm3_init_reqs(mb_thread_data *tlv) local_request_no = req_num; DEBUG("Submitting %d SM3 init requests\n", local_request_no); - sm3_sts = mbx_sm3_init_mb16(sm3_init_ctx); + sm3_sts = mbx_sm3_init_mb16(&sm3_init_ctx); for (req_num = 0; req_num < local_request_no; req_num++) { if (sm3_init_req_array[req_num]->sts != NULL) { if (MBX_GET_STS(sm3_sts, req_num) == MBX_STATUS_OK) { DEBUG("QAT_SW SM3 init request[%d] success\n", req_num); *sm3_init_req_array[req_num]->sts = 1; + /* sm3_init_ctx->msg_buff_idx, msg_len and msg_buffer as it + * will be initialized to zero in cryto_mb as well */ + /* Copying only msg_hash as crypto_mb initializes it to + * default hash values as per std instead of zero */ + for (i=0; i < SM3_SIZE_IN_WORDS; i++) + sm3_init_req_array[req_num]->state->msg_hash[i] = sm3_init_ctx.msg_hash[i][req_num]; } else { WARN("QAT_SW SM3 init request[%d] failure\n", req_num); *sm3_init_req_array[req_num]->sts = 0; @@ -116,10 +121,9 @@ void process_sm3_init_reqs(mb_thread_data *tlv) if (sm3_init_req_array[req_num]->job) { qat_wake_job(sm3_init_req_array[req_num]->job, ASYNC_STATUS_OK); } - OPENSSL_cleanse(sm3_init_req_array[req_num], - sizeof(sm3_init_op_data)); + OPENSSL_cleanse(sm3_init_req_array[req_num], sizeof(sm3_init_op_data)); mb_flist_sm3_init_push(tlv->sm3_init_freelist, - sm3_init_req_array[req_num]); + sm3_init_req_array[req_num]); } # ifdef QAT_SW_HEURISTIC_TIMEOUT mb_sm3_init_req_rates.req_this_period += local_request_no; @@ -132,12 +136,12 @@ void process_sm3_init_reqs(mb_thread_data *tlv) void process_sm3_update_reqs(mb_thread_data *tlv) { sm3_update_op_data *sm3_update_req_array[MULTIBUFF_SM3_BATCH] = {0}; - SM3_CTX_mb16* sm3_update_ctx = NULL; - int sm3_data_len[MULTIBUFF_SM3_BATCH] = {0}; - int8u* sm3_data[MULTIBUFF_SM3_BATCH] = {0}; + int sm3_data_len[MULTIBUFF_SM3_BATCH] = {0}; + const unsigned char *sm3_data[MULTIBUFF_SM3_BATCH] = {0}; + SM3_CTX_mb16 sm3_update_ctx; unsigned int sm3_sts = 0; int local_request_no = 0; - int req_num = 0; + int req_num = 0, i = 0; START_RDTSC(&sm3_cycles_update_execute); @@ -145,8 +149,13 @@ void process_sm3_update_reqs(mb_thread_data *tlv) while ((sm3_update_req_array[req_num] = mb_queue_sm3_update_dequeue(tlv->sm3_update_queue)) != NULL) { sm3_data_len[req_num] = sm3_update_req_array[req_num]->sm3_len; - sm3_data[req_num] = (int8u *)sm3_update_req_array[req_num]->sm3_data; - sm3_update_ctx = sm3_update_req_array[req_num]->state; + sm3_data[req_num] = sm3_update_req_array[req_num]->sm3_data; + sm3_update_ctx.msg_buff_idx[req_num] = sm3_update_req_array[req_num]->state->msg_buff_idx; + sm3_update_ctx.msg_len[req_num] = sm3_update_req_array[req_num]->state->msg_len; + memcpy(sm3_update_ctx.msg_buffer[req_num], sm3_update_req_array[req_num]->state->msg_buffer, + SM3_MSG_BLOCK_SIZE); + for (i = 0; i < SM3_SIZE_IN_WORDS; i++) + sm3_update_ctx.msg_hash[i][req_num] = sm3_update_req_array[req_num]->state->msg_hash[i]; req_num++; if (req_num == MULTIBUFF_SM3_MIN_BATCH) @@ -155,14 +164,20 @@ void process_sm3_update_reqs(mb_thread_data *tlv) local_request_no = req_num; DEBUG("Submitting %d SM3 Update requests\n", local_request_no); - sm3_sts = mbx_sm3_update_mb16((const int8u **)sm3_data, + sm3_sts = mbx_sm3_update_mb16(sm3_data, sm3_data_len, - sm3_update_ctx); + &sm3_update_ctx); for (req_num = 0; req_num < local_request_no; req_num++) { if (MBX_GET_STS(sm3_sts, req_num) == MBX_STATUS_OK) { DEBUG("QAT_SW SM3 Update request[%d] success\n", req_num); *sm3_update_req_array[req_num]->sts = 1; + sm3_update_req_array[req_num]->state->msg_buff_idx = sm3_update_ctx.msg_buff_idx[req_num]; + sm3_update_req_array[req_num]->state->msg_len = sm3_update_ctx.msg_len[req_num]; + memcpy(sm3_update_req_array[req_num]->state->msg_buffer, sm3_update_ctx.msg_buffer[req_num], + SM3_MSG_BLOCK_SIZE); + for (i = 0; i < SM3_SIZE_IN_WORDS; i++) + sm3_update_req_array[req_num]->state->msg_hash[i] = sm3_update_ctx.msg_hash[i][req_num]; } else { WARN("QAT_SW SM3 Update request[%d] Failure\n", req_num); *sm3_update_req_array[req_num]->sts = 0; @@ -174,7 +189,7 @@ void process_sm3_update_reqs(mb_thread_data *tlv) OPENSSL_cleanse(sm3_update_req_array[req_num], sizeof(sm3_update_op_data)); mb_flist_sm3_update_push(tlv->sm3_update_freelist, - sm3_update_req_array[req_num]); + sm3_update_req_array[req_num]); } # ifdef QAT_SW_HEURISTIC_TIMEOUT mb_sm3_update_req_rates.req_this_period += local_request_no; @@ -187,20 +202,24 @@ void process_sm3_update_reqs(mb_thread_data *tlv) void process_sm3_final_reqs(mb_thread_data *tlv) { sm3_final_op_data *sm3_final_req_array[MULTIBUFF_SM3_BATCH] = {0}; - SM3_CTX_mb16 *sm3_final_ctx = NULL; - int8u* sm3_hash[MULTIBUFF_SM3_BATCH] = {0}; - + int8u *sm3_hash[MULTIBUFF_SM3_BATCH] = {0}; + SM3_CTX_mb16 sm3_final_ctx; unsigned int sm3_sts = 0; int local_request_no = 0; - int req_num = 0; + int req_num = 0, i = 0; START_RDTSC(&sm3_cycles_final_execute); /* Build Arrays of pointers for call */ while ((sm3_final_req_array[req_num] = mb_queue_sm3_final_dequeue(tlv->sm3_final_queue)) != NULL) { - sm3_hash[req_num] = (int8u *) sm3_final_req_array[req_num]->sm3_hash; - sm3_final_ctx = sm3_final_req_array[req_num]->state; + sm3_hash[req_num] = sm3_final_req_array[req_num]->sm3_hash; + sm3_final_ctx.msg_buff_idx[req_num] = sm3_final_req_array[req_num]->state->msg_buff_idx; + sm3_final_ctx.msg_len[req_num] = sm3_final_req_array[req_num]->state->msg_len; + memcpy(sm3_final_ctx.msg_buffer[req_num], sm3_final_req_array[req_num]->state->msg_buffer, + SM3_MSG_BLOCK_SIZE); + for (i = 0; i < SM3_SIZE_IN_WORDS; i++) + sm3_final_ctx.msg_hash[i][req_num] = sm3_final_req_array[req_num]->state->msg_hash[i]; req_num++; if (req_num == MULTIBUFF_SM3_MIN_BATCH) @@ -209,13 +228,18 @@ void process_sm3_final_reqs(mb_thread_data *tlv) local_request_no = req_num; DEBUG("Submitting %d SM3 Final requests\n", local_request_no); - sm3_sts = mbx_sm3_final_mb16(sm3_hash, - sm3_final_ctx); + sm3_sts = mbx_sm3_final_mb16(sm3_hash, &sm3_final_ctx); for (req_num = 0; req_num < local_request_no; req_num++) { if (MBX_GET_STS(sm3_sts, req_num) == MBX_STATUS_OK) { DEBUG("QAT_SW SM3 Final request[%d] success\n", req_num); *sm3_final_req_array[req_num]->sts = 1; + sm3_final_req_array[req_num]->state->msg_buff_idx = sm3_final_ctx.msg_buff_idx[req_num]; + sm3_final_req_array[req_num]->state->msg_len = sm3_final_ctx.msg_len[req_num]; + memcpy(sm3_final_req_array[req_num]->state->msg_buffer,sm3_final_ctx.msg_buffer[req_num], + SM3_MSG_BLOCK_SIZE); + for (i = 0; i < SM3_SIZE_IN_WORDS; i++) + sm3_final_req_array[req_num]->state->msg_hash[i] = sm3_final_ctx.msg_hash[i][req_num]; } else { WARN("QAT_SW SM3 Final request[%d] Failure\n", req_num); *sm3_final_req_array[req_num]->sts = 0; @@ -227,7 +251,7 @@ void process_sm3_final_reqs(mb_thread_data *tlv) OPENSSL_cleanse(sm3_final_req_array[req_num], sizeof(sm3_final_op_data)); mb_flist_sm3_final_push(tlv->sm3_final_freelist, - sm3_final_req_array[req_num]); + sm3_final_req_array[req_num]); } # ifdef QAT_SW_HEURISTIC_TIMEOUT mb_sm3_final_req_rates.req_this_period += local_request_no; @@ -253,9 +277,9 @@ int qat_sw_sm3_init(EVP_MD_CTX *ctx) return sts; } - qat_sw_sm3_ctx *sm3_ctx = (qat_sw_sm3_ctx *) EVP_MD_CTX_md_data(ctx); + SM3_CTX_mb *sm3_ctx = (SM3_CTX_mb *) EVP_MD_CTX_md_data(ctx); if (unlikely(sm3_ctx == NULL)) { - WARN("sm3_ctx (type qat_sw_sm3_ctx) is NULL.\n"); + WARN("sm3_ctx (type SM3_CTX_mb) is NULL.\n"); QATerr(QAT_F_QAT_SW_SM3_INIT, QAT_R_CTX_NULL); return sts; } @@ -288,8 +312,7 @@ int qat_sw_sm3_init(EVP_MD_CTX *ctx) /* Buffer up the requests and call the new functions when we have enough requests buffered up */ - sm3_ctx->sm3_state = OPENSSL_secure_malloc(sizeof(SM3_CTX_mb16)); - sm3_init_req->state = sm3_ctx->sm3_state; + sm3_init_req->state = sm3_ctx; sm3_init_req->job = job; sm3_init_req->sts = &sts; mb_queue_sm3_init_enqueue(tlv->sm3_init_queue, sm3_init_req); @@ -304,7 +327,7 @@ int qat_sw_sm3_init(EVP_MD_CTX *ctx) } } - DEBUG("Pausing: %p status = %d\n", sm3_init_req, sts); + DEBUG("Pausing: %p status = %d sm3_ctx %p\n", sm3_init_req, sts, sm3_init_req->state); do { /* If we get a failure on qat_pause_job then we will not flag an error here and quit because we have @@ -323,27 +346,16 @@ int qat_sw_sm3_init(EVP_MD_CTX *ctx) if (sts) { return sts; } else { - WARN("Failure in Keygen\n"); - QATerr(QAT_F_QAT_SW_SM3_INIT, QAT_R_KEYGEN_FAILURE); - goto err; + WARN("Failure in SM3 Init\n"); + QATerr(QAT_F_QAT_SW_SM3_INIT, QAT_R_SM3_INIT_FAILURE); + return sts; } -err: - if (sts == 0) { - if (NULL != sm3_ctx->sm3_state) { - OPENSSL_secure_free(sm3_ctx->sm3_state); - sm3_ctx->sm3_state = NULL; - } - } - return sts; - use_sw_method: - sw_fn_ptr = EVP_MD_meth_get_init((EVP_MD *)EVP_sm3()); sts = (*sw_fn_ptr)(ctx); - DEBUG("SW Finished\n"); + DEBUG("SW Finished %p\n", ctx); return sts; - } int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len) @@ -361,9 +373,9 @@ int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len) return 0; } - qat_sw_sm3_ctx *sm3_ctx = (qat_sw_sm3_ctx *) EVP_MD_CTX_md_data(ctx); + SM3_CTX_mb *sm3_ctx = (SM3_CTX_mb *) EVP_MD_CTX_md_data(ctx); if (unlikely(sm3_ctx == NULL)) { - WARN("sm3_ctx (type qat_sw_sm3_ctx) is NULL.\n"); + WARN("sm3_ctx (type SM3_CTX_mb) is NULL.\n"); QATerr(QAT_F_QAT_SW_SM3_UPDATE, QAT_R_CTX_NULL); return sts; } @@ -392,14 +404,14 @@ int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len) qat_pause_job(job, ASYNC_STATUS_EAGAIN); } - DEBUG("QAT SW SM3 Update Started %p\n", sm3_update_req); + DEBUG("QAT SW SM3 Update Started %p len %zu\n", sm3_update_req, len); START_RDTSC(&sm3_cycles_update_setup); /* Buffer up the requests and call the new functions when we have enough requests buffered up */ - sm3_update_req->sm3_data = (int8u **)in; + sm3_update_req->state = sm3_ctx; + sm3_update_req->sm3_data = (const unsigned char *)in; sm3_update_req->sm3_len = len; - sm3_update_req->state = sm3_ctx->sm3_state; sm3_update_req->job = job; sm3_update_req->sts = &sts; @@ -415,7 +427,7 @@ int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len) } } - DEBUG("Pausing: %p status = %d\n", sm3_update_req, sts); + DEBUG("Pausing: %p status = %d sm3_ctx %p\n", sm3_update_req, sts, sm3_update_req->state); do { /* If we get a failure on qat_pause_job then we will not flag an error here and quit because we have @@ -434,15 +446,15 @@ int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len) if (sts) { return sts; } else { - WARN("Failure in update\n"); - QATerr(QAT_F_QAT_SW_SM3_UPDATE, QAT_R_DERIVE_FAILURE); + WARN("Failure in SM3 Update\n"); + QATerr(QAT_F_QAT_SW_SM3_UPDATE, QAT_R_SM3_UPDATE_FAILURE); return sts; } use_sw_method: sw_fn_ptr = EVP_MD_meth_get_update((EVP_MD *)EVP_sm3()); sts = (*sw_fn_ptr)(ctx, in, len); - DEBUG("SW Finished\n"); + DEBUG("SW Finished %p\n", ctx); return sts; } @@ -461,9 +473,9 @@ int qat_sw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md) return 0; } - qat_sw_sm3_ctx *sm3_ctx = (qat_sw_sm3_ctx *) EVP_MD_CTX_md_data(ctx); + SM3_CTX_mb *sm3_ctx = (SM3_CTX_mb *) EVP_MD_CTX_md_data(ctx); if (unlikely(sm3_ctx == NULL)) { - WARN("sm3_ctx (type qat_sw_sm3_ctx) is NULL.\n"); + WARN("sm3_ctx (type SM3_CTX_mb) is NULL.\n"); QATerr(QAT_F_QAT_SW_SM3_FINAL, QAT_R_CTX_NULL); return sts; } @@ -492,13 +504,13 @@ int qat_sw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md) qat_pause_job(job, ASYNC_STATUS_EAGAIN); } - DEBUG("QAT SW SM3 Final Started %p\n", sm3_final_req); + DEBUG("QAT SW SM3 final Started %p\n", sm3_final_req); START_RDTSC(&sm3_cycles_final_setup); /* Buffer up the requests and call the new functions when we have enough requests buffered up */ - sm3_final_req->sm3_hash = (int8u **)md; - sm3_final_req->state = sm3_ctx->sm3_state; + sm3_final_req->state = sm3_ctx; + sm3_final_req->sm3_hash = md; sm3_final_req->job = job; sm3_final_req->sts = &sts; @@ -514,7 +526,7 @@ int qat_sw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md) } } - DEBUG("Pausing: %p status = %d\n", sm3_final_req, sts); + DEBUG("Pausing: %p status = %d sm3_ctx %p\n", sm3_final_req, sts, sm3_final_req->state); do { /* If we get a failure on qat_pause_job then we will not flag an error here and quit because we have @@ -533,14 +545,14 @@ int qat_sw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md) if (sts) { return sts; } else { - WARN("Failure in update\n"); - QATerr(QAT_F_QAT_SW_SM3_FINAL, QAT_R_DERIVE_FAILURE); + WARN("Failure in SM3 Final\n"); + QATerr(QAT_F_QAT_SW_SM3_FINAL, QAT_R_SM3_FINAL_FAILURE); return sts; } use_sw_method: sw_fn_ptr = EVP_MD_meth_get_final((EVP_MD *)EVP_sm3()); sts = (*sw_fn_ptr)(ctx, md); - DEBUG("SW Finished\n"); + DEBUG("SW Finished %p\n", ctx); return sts; } diff --git a/qat_sw_sm3.h b/qat_sw_sm3.h index fb1dcfcb..bdf5a1b0 100644 --- a/qat_sw_sm3.h +++ b/qat_sw_sm3.h @@ -49,10 +49,6 @@ # include # include -typedef struct _qat_sw_sm3_state{ - SM3_CTX_mb16 *sm3_state; -}qat_sw_sm3_ctx; - /* QAT_SW SM3 methods declaration */ const EVP_MD *qat_sw_create_sm3_meth(int nid , int key_type); diff --git a/qatengine-sw.spec b/qatengine-sw.spec index d98eaa57..6afe9ef3 100644 --- a/qatengine-sw.spec +++ b/qatengine-sw.spec @@ -4,7 +4,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: qatengine-sw -Version: 0.6.10 +Version: 0.6.11 Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine # Most of the source code is BSD, with the following exceptions: @@ -49,6 +49,9 @@ autoreconf -ivf %exclude %{enginesdir}/qatengine.la %changelog +* Tue Jan 18 2022 Yogaraj Alamenda - 0.6.11-1 +- Update to qatengine v0.6.11 + * Thu Oct 28 2021 Yogaraj Alamenda - 0.6.10-1 - Update to qatengine v0.6.10 diff --git a/qatengine.spec b/qatengine.spec index 8b35f308..b14bd71d 100644 --- a/qatengine.spec +++ b/qatengine.spec @@ -4,7 +4,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: qatengine -Version: 0.6.10 +Version: 0.6.11 Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine # Most of the source code is BSD, with the following exceptions: @@ -46,6 +46,9 @@ autoreconf -ivf %exclude %{enginesdir}/qatengine.la %changelog +* Tue Jan 18 2022 Yogaraj Alamenda - 0.6.11-1 +- Update to qatengine v0.6.11 + * Thu Oct 28 2021 Yogaraj Alamenda - 0.6.10-1 - Update to qatengine v0.6.10 diff --git a/test/tests_ecdsa.c b/test/tests_ecdsa.c index 6f6c3d35..c5fc6b73 100644 --- a/test/tests_ecdsa.c +++ b/test/tests_ecdsa.c @@ -52,6 +52,9 @@ #include "tests.h" #include "../qat_utils.h" +# define SM2_ID "TLSv1.3+GM+Cipher+Suite" +# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1 + static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -89,14 +92,17 @@ static int get_nid(int type) return NID_sect409r1; case B_CURVE_571: return NID_sect571r1; +#ifndef QAT_OPENSSL_3 case P_CURVE_SM2: return NID_sm2; +#endif case 0: return 0; } return -1; } +#ifndef QAT_OPENSSL_3 static int test_sm2_ecdsa(int count, int size, ENGINE * e, int print_output, int verify, int nid, const char *curveName) { @@ -159,6 +165,16 @@ static int test_sm2_ecdsa(int count, int size, ENGINE * e, int print_output, WARN("# FAIL: EVP_PKEY_CTX Alloc Failure\n"); goto builtin_err; } + if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1) { + ret = -1; + WARN("# FAIL: EVP_PKEY_CTX_set1_id Failure\n"); + goto builtin_err; + } + if (EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1) { + ret = -1; + WARN("# FAIL: EVP_PKEY_CTX_set1_id Failure\n"); + goto builtin_err; + } EVP_MD_CTX_set_pkey_ctx(sm2_ctx, sm2_pctx); EVP_MD_CTX_set_pkey_ctx(sm2_vfy_ctx, sm2_vfy_pctx); @@ -237,6 +253,7 @@ static int test_sm2_ecdsa(int count, int size, ENGINE * e, int print_output, INFO("# FAIL SM2_ECDSA Sign/Verify for nid %s\n",curveName); return ret; } +#endif /****************************************************************************** * function: @@ -274,9 +291,11 @@ static int test_ecdsa(int count, int size, ENGINE * e, int print_output, int ret = 0, i; char buf[256]; +#ifndef QAT_OPENSSL_3 if (nid == NID_sm2) return test_sm2_ecdsa(count, size, e, print_output, verify, nid, curveName); +#endif out = BIO_new(BIO_s_file()); if (out == NULL) { @@ -407,11 +426,13 @@ static int test_ecdsa(int count, int size, ENGINE * e, int print_output, } /* Verify Signature with a wrong digest*/ +#if CPA_CY_API_VERSION_NUM_MAJOR < 3 if (ECDSA_verify(0, wrong_digest, size, signature, sig_len, eckey) == 1) { WARN("# FAIL: Verified with wrong digest\n"); ret = -1; goto builtin_err; } +#endif builtin_err: if (eckey)